Resharing Loophole: Is This Google+’s First Privacy Flub?

Has anything gone from “That’s dumb!” to “Ooh, I wish I could get in…” to “Hey! This is cool!” as quickly as Google+ has?

It’s like a hot new nightclub opened in town, and everyone’s waiting to get in—but you’re not really a party person, so you’re at home playing on the internet sorting your contacts into Google+ Circles. You know what you like and people respect that.

And now that we’ve spent some time with Google’s new social network, first impressions are starting to roll in. Including us here at Techland, a good number of reviews are tipping towards the positive side.

Take, for instance, one of Google+’s cooler aspects: Its ability to arrange a user’s connections into “Circles” like friends, family, co-workers and acquaintances. From there, a user can choose to share content with an individual Circle. For example, if you wanted to post a vacation photo for Mom and others to see within your “family” Circle, you upload your picture and voilà!— instant photo sharing with your loved ones.

But FT Tech Hub may have spotted Google+’s first security flaw. When you post something to a particular Circle, other users within it can choose to “share” that content with their friends— even if you’re not a part of those extended Circles.

FT Tech Hub explains:

“Say a close friend of mine posts a picture of her kids to her ‘friends’ Circle. With the ‘share’ option on every Google+ post, I can reshare this with absolutely anyone, from another Circle to which my friend does not belong, right through to making it completely public. The same loophole applies not just to photos but to any kind of post, as far as I can tell.

If she’d known about this risk (and how would she?), my friend could have disabled resharing using the drop-down menu on the right-hand side of every post, but it doesn’t seem to be possible to do this before she’d already published it. Google+ also, for now, lacks any way to turn off resharing of all your posts from within its privacy settings.”

They’ve since reported the problem to Google, who acknowledged its existence and will work to rectify it.

Privacy is one of the bigger issues that Google+ has been drawing praise for— a lesson likely learned from all the maligning the company endured with Google Buzz, and something that separates it from its biggest competitor, Facebook.

More loopholes will surely be spotted, but that’s kind of the point of a limited release: To pinpoint problems before they become something bigger. I mean, that whole exclusive rollout worked out pretty well for Facebook, didn’t it?